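package at.gv.egovernment.moa.id.protocols.oauth20.protocol;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;

import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;

import com.google.gson.JsonObject;

/**
 * OAuth 2.0 protocol module for MOA-ID.
 *
 * <p>Dispatches the two supported actions ({@link #AUTH_ACTION} and
 * {@link #TOKEN_ACTION}) and renders protocol errors in the form the
 * respective endpoint expects: an error redirect back to the client's
 * {@code redirect_uri} for authorization requests, and a JSON error document
 * for token requests.
 */
public class OAuth20Protocol implements IModulInfo {

    public static final String NAME = OAuth20Protocol.class.getName();
    public static final String PATH = "id_oauth20";

    public static final String AUTH_ACTION = "AUTH";
    public static final String TOKEN_ACTION = "TOKEN";

    /** Attributes requested by default when this module is used for interfederation. */
    public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION =
            Collections.unmodifiableList(Arrays.asList(
                    PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME,
                    PVPConstants.BPK_NAME));

    /** Action name to handler; only the two names above are ever registered. */
    private static final Map<String, IAction> ACTIONS = new HashMap<String, IAction>();

    static {
        ACTIONS.put(AUTH_ACTION, new OAuth20AuthAction());
        ACTIONS.put(TOKEN_ACTION, new OAuth20TokenAction());
    }

    public String getName() {
        return NAME;
    }

    public String getPath() {
        return PATH;
    }

    /**
     * Looks up the handler for an action name.
     *
     * @param action action name as sent in the {@code action} request parameter
     * @return the registered handler, or {@code null} for an unknown name
     */
    public IAction getAction(String action) {
        return ACTIONS.get(action);
    }

    /*
     * (non-Javadoc)
     * @see at.gv.egovernment.moa.id.moduls.IModulInfo#preProcess(javax.servlet.http.HttpServletRequest,
     * javax.servlet.http.HttpServletResponse, java.lang.String)
     */
    /**
     * Builds the protocol request object for the incoming HTTP request.
     *
     * <p>All parameter validation happens inside
     * {@code OAuth20BaseRequest.newInstance}; this method only logs the result.
     *
     * @throws MOAIDException if the request cannot be turned into a valid
     *         OAuth 2.0 request
     */
    public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action,
            String sessionId, String transactionId) throws MOAIDException {
        // validation is done inside creation
        OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request, sessionId, transactionId);
        Logger.debug("Created: " + res);
        return res;
    }

    /*
     * (non-Javadoc)
     * @see at.gv.egovernment.moa.id.moduls.IModulInfo#canHandleRequest(javax.servlet.http.HttpServletRequest,
     * javax.servlet.http.HttpServletResponse)
     */
    /**
     * Selects the handler for the request's {@code action} parameter.
     *
     * @return the AUTH or TOKEN handler, or {@code null} when the parameter is
     *         missing, empty, or names anything else (the request is then not
     *         handled by this module)
     */
    public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
        String action = request.getParameter("action");
        if (StringUtils.isEmpty(action)) {
            return null;
        }
        // explicit whitelist: only the two known action names are dispatched
        if (AUTH_ACTION.equals(action)) {
            return getAction(AUTH_ACTION);
        }
        if (TOKEN_ACTION.equals(action)) {
            return getAction(TOKEN_ACTION);
        }
        return null;
    }

    /*
     * (non-Javadoc)
     * @see at.gv.egovernment.moa.id.moduls.IModulInfo#generateErrorMessage(java.lang.Throwable,
     * javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
     * at.gv.egovernment.moa.id.moduls.IRequest)
     */
    /**
     * Renders {@code e} as an OAuth 2.0 error response.
     *
     * <p>For an authorization request the error is delivered as a 302 redirect
     * to the client's {@code redirect_uri} with {@code error},
     * {@code error_description}, optionally {@code error_uri}, and
     * {@code state} appended. For a token request a 400 JSON document with the
     * same members is written. An {@code error_uri} is only emitted when a
     * MOA error code could be mapped; previously the token branch emitted a
     * literal {@code #null} fragment in that case.
     *
     * @param e the failure to report; an {@link OAuth20Exception} carries its
     *        own error code and message id, anything else is reported as
     *        {@code server_error}
     * @param request used only to recover {@code action}, {@code redirect_uri}
     *        and {@code state} when no {@code protocolRequest} exists yet
     * @param response the response to write the redirect or JSON body to
     * @param protocolRequest the parsed request, or {@code null} if parsing
     *        itself failed
     * @return always {@code true}: the error has been written to the response
     * @throws MOAIDException ({@code oauth20.01}) when neither the parsed
     *         request nor the raw parameters allow the endpoint to be
     *         determined, or when the redirect target for an authorization
     *         error is missing or not a URL
     * @throws Throwable as required by the {@link IModulInfo} contract
     */
    public boolean generateErrorMessage(Throwable e, HttpServletRequest request,
            HttpServletResponse response, IRequest protocolRequest) throws Throwable {
        ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
        String errorUri = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()
                + "/" + OAuth20Constants.ERRORPAGE;

        // get error code and description
        String errorCode;
        String errorDescription;
        String moaError;
        if (e instanceof OAuth20Exception) {
            OAuth20Exception oauthError = (OAuth20Exception) e;
            errorCode = oauthError.getErrorCode();
            errorDescription = encodeForUrl(oauthError.getMessageId() + ": " + oauthError.getMessage());
            moaError = errorUtils.mapInternalErrorToExternalError(oauthError.getMessageId());
        } else {
            errorCode = OAuth20Constants.ERROR_SERVER_ERROR;
            // NOTE(review): the raw exception message of an arbitrary Throwable is
            // sent to the client as error_description; check that internal
            // details do not leak this way.
            errorDescription = encodeForUrl(e.getMessage());
            moaError = errorUtils.getResponseErrorCode(e);
        }
        // error_uri only when a MOA error code is available (both endpoints agree now)
        String moaErrorUri = MiscUtil.isNotEmpty(moaError) ? errorUri + "#" + moaError : null;

        // determine which endpoint failed and, for AUTH, where to redirect
        String paramRedirect = null;
        String state = null;
        boolean isAuthRequest = false;
        if (protocolRequest != null) {
            if (protocolRequest instanceof OAuth20AuthRequest) {
                OAuth20AuthRequest authRequest = (OAuth20AuthRequest) protocolRequest;
                isAuthRequest = true;
                paramRedirect = authRequest.getRedirectUri();
                state = authRequest.getState();
            }
        } else {
            String action = request.getParameter("action");
            if (MiscUtil.isNotEmpty(action)) {
                if (AUTH_ACTION.equals(action)) {
                    // NOTE(review): no OAuth20AuthRequest was built in this path, so
                    // redirect_uri is taken straight from the request and is only
                    // checked syntactically (OAuth20Util.isUrl) before the redirect;
                    // it is not matched against the client's registered redirect URI
                    // here — confirm that check happens elsewhere or add it.
                    paramRedirect = request.getParameter(OAuth20Constants.PARAM_REDIRECT_URI);
                    state = request.getParameter(OAuth20Constants.PARAM_STATE);
                    isAuthRequest = true;
                }
            } else {
                throw new MOAIDException("oauth20.01", new Object[] {});
            }
        }

        if (isAuthRequest) {
            sendAuthErrorRedirect(response, paramRedirect, state, errorCode, errorDescription, moaErrorUri);
        } else {
            sendTokenErrorResponse(response, errorCode, errorDescription, moaErrorUri);
        }
        return true;
    }

    /**
     * Percent-encodes a value for use as a URL query parameter.
     *
     * @param value the text to encode; {@code null} is treated as the empty
     *        string instead of triggering a NullPointerException
     */
    private static String encodeForUrl(String value) throws UnsupportedEncodingException {
        return URLEncoder.encode(value == null ? "" : value, "UTF-8");
    }

    /**
     * Writes an authorization-endpoint error as a 302 redirect to the client.
     *
     * @param redirectUri target of the redirect; must be non-empty and a URL
     * @param moaErrorUri value for {@code error_uri}, or {@code null} to omit it
     * @throws MOAIDException ({@code oauth20.01}) when {@code redirectUri} is unusable
     * @throws Exception propagated from the URL helpers, whose signatures are
     *         not visible here
     */
    private static void sendAuthErrorRedirect(HttpServletResponse response, String redirectUri,
            String state, String errorCode, String errorDescription, String moaErrorUri)
            throws Exception {
        Logger.debug("Going to throw O OAuth20Exception for auth request");

        // never redirect to anything that is not at least syntactically a URL
        if (StringUtils.isEmpty(redirectUri) || !OAuth20Util.isUrl(redirectUri)) {
            throw new MOAIDException("oauth20.01", new Object[] {});
        }

        StringBuilder url = new StringBuilder(redirectUri);
        OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR, errorCode);
        OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription);
        if (moaErrorUri != null) {
            OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, moaErrorUri);
        }
        OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_STATE, state);

        response.setContentType("text/html");
        response.setStatus(HttpServletResponse.SC_FOUND);
        response.addHeader("Location", url.toString());
        Logger.debug("REDIRECT TO: " + url.toString());
    }

    /**
     * Writes a token-endpoint error as a 400 JSON document.
     *
     * <p>{@code errorDescription} is the already percent-encoded value, so JSON
     * clients see the encoded form; kept that way for wire compatibility.
     *
     * @param moaErrorUri value for {@code error_uri}, or {@code null} to omit it
     * @throws Exception propagated from the JSON helper and servlet I/O
     */
    private static void sendTokenErrorResponse(HttpServletResponse response, String errorCode,
            String errorDescription, String moaErrorUri) throws Exception {
        Logger.debug("Going to throw O OAuth20Exception for token request");

        // raw Map kept: the parameter type of addProperytiesToJsonObject is not visible here
        Map params = new HashMap();
        params.put(OAuth20Constants.PARAM_ERROR, errorCode);
        params.put(OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription);
        if (moaErrorUri != null) {
            params.put(OAuth20Constants.PARAM_ERROR_URI, moaErrorUri);
        }

        // create response
        JsonObject jsonObject = new JsonObject();
        OAuth20Util.addProperytiesToJsonObject(jsonObject, params);
        String jsonResponse = jsonObject.toString();
        Logger.debug("JSON Response: " + jsonResponse);

        // write response to http response; close even if print fails
        response.setContentType("application/json");
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        ServletOutputStream out = response.getOutputStream();
        try {
            out.print(jsonResponse);
        } finally {
            out.close();
        }
    }

    /*
     * (non-Javadoc)
     * @see at.gv.egovernment.moa.id.moduls.IModulInfo#validate(javax.servlet.http.HttpServletRequest,
     * javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest)
     */
    /**
     * Always {@code true}: all validation is performed in {@link #preProcess}.
     */
    public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
        // we validate in the preProcess
        return true;
    }
}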